actions / attest-sbom
Action for generating SBOM attestations for workflow artifacts
☆25 · Updated this week
Alternatives and similar repositories for attest-sbom:
Users that are interested in attest-sbom are comparing it to the libraries listed below
- Proof-of-concept SLSA provenance generator for GitHub Actions ☆99 · Updated 2 years ago
- GitHub Action implementation of SLSA Provenance Generation ☆47 · Updated this week
- A GitHub Action used for publishing an Action to ghcr.io as an OCI container. ☆57 · Updated 4 months ago
- Generate SBOMs with gh CLI ☆178 · Updated 5 months ago
- Run tfsec with reviewdog on pull requests to enforce security best practices ☆73 · Updated this week
- An SBOM query language and associated utilities ☆54 · Updated last year
- Action for generating attestations for workflow artifacts ☆43 · Updated this week
- A GitHub Action to suggest removal of non-organization members from CODEOWNERS files ☆127 · Updated this week
- Impersonate a GitHub App Token inside Actions ☆61 · Updated 4 years ago
- Sets up Open Policy Agent CLI in your GitHub Actions workflow. ☆48 · Updated 11 months ago
- An Action for printing OIDC claims in GitHub Actions. ☆82 · Updated 7 months ago
- Compare vulnerability scanners results (to make them better!) ☆16 · Updated last week
- A GitHub Action to ensure that actions are pinned to full-length commit SHAs ☆39 · Updated this week
- Sysdig Terraform provider. Allows handling Sysdig Secure policies as code. ☆52 · Updated last week
- GitHub Action that turns your reusable workflows and custom actions into easy-to-read Markdown tables. ☆48 · Updated last week
- Prevent leaks with gitleaks, and use tests to validate ☆32 · Updated 2 months ago
- Need to centrally manage and run Actions workflows across multiple repositories? This app does it for you. ☆133 · Updated 10 months ago
- Darkfiles finds orphaned files in container images and makes them to bad deeds ☆41 · Updated last year
- Terraform module for Policy Sentry. ☆25 · Updated 4 years ago
- A GitHub Action for using Conftest ☆33 · Updated 3 years ago
- Runs Kubesec as a GitHub Action ☆18 · Updated 3 years ago
- GitHub Action to check PRs for signed commits ☆52 · Updated 7 months ago
- Run multiple open source security static analysis tools without the added complexity with OSSAR (Open Source Static Analysis Runner). ☆96 · Updated 10 months ago
- Throw a tag at it and it comes back with a checksum. ☆112 · Updated last week
- A GitHub App that acts like a Security Token Service (STS) for the GitHub API ☆151 · Updated this week
- Experimental: TFLint ruleset plugin for writing custom rules in Rego. ☆65 · Updated this week
- Pre-commit git hooks for Open Policy Agent (OPA) and Rego development ☆66 · Updated 3 years ago